Working with Non-Global Zones

You can use most IPS commands in a non-global zone the same
way you use them in the global zone. Note that Oracle Solaris 10
branded zones are different from Oracle Solaris 11 non-global zones. IPS commands ignore
Oracle Solaris 10 branded zones. In this book, “non-global zone” means Oracle Solaris
11 non-global zone.

An important difference between the global zone and non-global zones is the use
of package publishers. In a non-global zone, the system repository provides access to
the package repositories configured in the global zone. Publisher configuration changes made to
the global zone are seen immediately by all non-global zones via the system
repository.

Installing Packages in Non-Global Zones

Non-global zones can be affected by installing, updating, and uninstalling packages in the
global zone. When you run the pkg update command with no arguments in the
global zone, the global zone and each non-global zone is updated. See Updating Multiple Non-Global Zones Concurrently
for an example. When you specify package names with the install, update, or
uninstall commands in the global zone, IPS checks each non-global zone and makes
changes only if required to keep the non-global zone compatible with the global
zone. Changing facets and variants in the global zone can also affect non-global
zones.

Tip - Use the -n option to review what changes will be made in non-global
zones as well as in the global zone.

When you run package commands while logged into a non-global zone, only that
non-global zone is affected. You can install different packages and install different versions
of the same package if the result is compatible with the global zone.
You can avoid different packages, freeze packages at different versions, set mediators to
select different default implementations, and set different facets in the non-global zone image.

Versions of packages installed in a non-global zone can be restricted by the
versions installed in the global zone. Some packages cannot be updated or downgraded
in a non-global zone because those packages must be the same version in
the non-global zone as they are in the global zone. For example, the
package named entire must be the same in each non-global zone as in
the global zone. The entire package constrains system package versions so that the
resulting set of packages is a supportable image.

In a non-global zone, the system repository provides access to the package repositories configured
in the global zone. Publisher configuration changes made to the global zone are
seen immediately by all non-global zones via the system repository. The system repository
will proxy http, https, and v4 file repositories and .p5p archive repositories.

The zones proxy is a service that enables pkg commands running inside a
zone to communicate with the system repository, which is running in the global
zone. The zones proxy has two parts. The following service runs in the
global zone:

svc:/application/pkg/zones-proxyd:default

The following service runs in the non-global zone:

svc:/application/pkg/zones-proxy-client:default

See the pkg.sysrepo(1M) man page for more information about the system repository and
zones proxy services.

You cannot reconfigure the system repository from within a non-global zone. For example,
you cannot change the origins or properties of publishers or the publisher search
order of publishers whose location is <system-repository>.

For repositories that are not configured in the global zone, but that are
network or filesystem-accessible to the non-global zone, both of the following commands list
the same packages if file:///export/myrepo is a repository location that is accessible to
the non-global zone:

Updating Multiple Non-Global Zones Concurrently

By default, when you use the pkg update command in the global zone, the
packaging system updates the global zone and each non-global zone serially. To update
multiple non-global zones concurrently, use the -C option or set the PKG_CONCURRENCY
environment variable in the global zone. The -C n option and the PKG_CONCURRENCY=n environment variable specify
to update at most n images in parallel for n greater than or
equal to 1. The default value of n is 1. If n is
0 or a negative number, all non-global zones are updated in parallel with
the global zone.

The PKG_CONCURRENCY environment variable is ignored if the -C option is specified. The
-C option and the PKG_CONCURRENCY environment variable can be used with pkg install, pkg uninstall,
pkg change-variant, and pkg change-facet as well as with pkg update.

Non-global zones do not need to be booted to be updated from
the global zone. The non-global zones only need to be mounted.

In the following example, both non-global zones are updated at the same time
as the global zone: